On Mon, 30 May 2005, Martijn Broeders - HUB Labs wrote:
> I did some debugging en testing.... and solved the problem.
>
> There seems to be a big difference between STABLE9 and STABLE10
> concerning ipnat and the --enable-ipf-transparent make arg.
>
> With STABLE10 you have to do a 'chown root:squid /dev/ipnat'
> and a 'chmod g+rw /dev/ipnat' to succesfully enable transparent
> proxying (assuming that you start your squid server with the
> squid user and squid group).
>
> With STABLE9 you could leave the /dev/ipnat owned by root:wheel,
> but with STABLE10 you cannot!
It has always needed access to the nat device...
> The core dump (described in my first mail with this subject)
> occurs when the rights are not good on the ipnat device.
Right. A return statement has gone missing there.
The attached patch should restore the error handling equal to 2.5.STABLE9:
request rejected with error in cache.log. Please try this patch and report
back.
note: To trigger this in 2.5.STABLE9 you need to send a HTTP/1.0 request
without Host header.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:04 MDT